<?php
/**
 * Script file
 * @author Serguei Shimansky <privateteacher@mail.ru>
 * @copyright Copyright (c) 2011, Serguei Shimansky
 * @version 1.0
 * @package fast-comment
 */

require_once '../lib/lib_global2.php';
require_once '../inc/vars2.php';
include '../inc/regional.php';

/**
 * Reduce a submitted comment to a single-line, markup-free string.
 *
 * The value is passed through the lib_global2_* helpers (defined in
 * lib_global2.php, not visible here; judging by their names they strip
 * entities, tags and comments and re-encode <, > and & -- confirm against
 * that file), then trimmed and stripped of control bytes.
 *
 * Security notes for callers:
 *  - The result is NOT safe to place in an SQL string as-is; it still has to
 *    be escaped or bound as a parameter at the point the query is built.
 *  - stripslashes() runs unconditionally, with no magic_quotes_gpc check, so
 *    backslashes the user actually typed are removed as well.
 *
 * @param mixed $s Raw request value.
 * @return mixed Whatever lib_global2_ensure_amp() returns (presumably a string).
 */
function prepare_str($s) {
	// Markup filters, applied in the same order as before.
	$text = lib_global2_remove_ents(stripslashes($s));
	$text = lib_global2_remove_tags(lib_global2_clean_xhtml($text));
	$text = lib_global2_ensure_lt_gt(lib_global2_remove_comments($text));

	// '@' hides the "Array to string conversion" notice if a non-scalar slipped through.
	$text = trim(@strval($text));

	// Every byte below 0x20 becomes a space (byte-wise match, no /u modifier).
	$text = preg_replace("/[^\x20-\xFF]/", " ", $text);

	// All characters listed here are below 0x20 and were already replaced by the
	// line above, so this call finds nothing; it is kept to leave behaviour untouched.
	$text = str_replace(array("\n", "\r", "\t", "\v", "\0", "\x0B"), '', $text);

	return lib_global2_ensure_amp(lib_global2_ord_space($text));
}

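// Read the submitted comment text; $_GET wins over $_POST when both are present.
// NOTE(review): the INSERT below is therefore reachable with a plain GET request, and no
// authentication, rate limit or anti-CSRF check is visible in this file -- confirm that
// one is enforced elsewhere, and prefer accepting POST only for this write.
$guestbook_textarea = '';
if (isset($_GET['guestbook_textarea'])) {
	$guestbook_textarea = $_GET['guestbook_textarea'];
} elseif (isset($_POST['guestbook_textarea'])) {
	$guestbook_textarea = $_POST['guestbook_textarea'];
}

// A parameter sent as guestbook_textarea[]=... arrives as an array; only a string is valid here.
if (!is_string($guestbook_textarea)) {
	$guestbook_textarea = '';
}

// empty() also treats the literal string "0" as empty, so such a message is ignored.
if (!empty($guestbook_textarea)) {

	$guestbook_textarea = prepare_str($guestbook_textarea);

	// NOTE(review): ext/mysql is deprecated since PHP 5.5 and removed in PHP 7. The durable fix
	// is mysqli or PDO with prepared statements; until then every value below is escaped.
	// '@' keeps the connection warning (which names host and user) out of the response.
	$mysql_connect = @mysql_connect($pt_regional['mysql_db_host'], $pt_regional['mysql_db_user'], $pt_regional['mysql_db_pass']);
	if (!$mysql_connect) {
		// Log the detail server-side; do not echo driver errors to the client.
		error_log('fast-comment: mysql_connect failed: ' . mysql_error());
		die('Database error.');
	}

	$mysql_select_db = @mysql_select_db($pt_regional['mysql_db_name'], $mysql_connect);
	if (!$mysql_select_db) {
		error_log('fast-comment: mysql_select_db failed: ' . mysql_error($mysql_connect));
		die('Database error.');
	}

	// mysql_set_charset() also tells the client library which charset is in use, which
	// mysql_real_escape_string() relies on; a bare "SET NAMES" query does not.
	if (function_exists('mysql_set_charset')) {
		@mysql_set_charset('utf8', $mysql_connect);
	} else {
		@mysql_query("SET NAMES 'utf8'", $mysql_connect);
	}

	// Escape every value that goes into a quoted SQL literal. The host/IP values come from
	// vars2.php; by name, the first is derived from the X-Forwarded-For request header, which
	// the client controls, and it was previously concatenated into the query unescaped.
	// NOTE(review): if vars2.php already escapes these values, this escapes them twice -- confirm.
	$msg_sql = mysql_real_escape_string($guestbook_textarea, $mysql_connect);
	$host_sql = mysql_real_escape_string((string) $vars2_http_x_forwarded_for, $mysql_connect);
	$ip_sql = mysql_real_escape_string((string) $vars2_remote_address, $mysql_connect);

	// Same match condition for the duplicate check and the DELETE.
	$where = "`msg`='" . $msg_sql . "' AND `user_host`='" . $host_sql . "' AND `user_ip`='" . $ip_sql . "'";

	// Has this client already posted this exact message?
	$query0 = @mysql_query("SELECT `adddate`, `user_login`, `msg`, `user_host`, `user_ip` FROM `$pt_guestbook_demo_table_name` WHERE " . $where . " LIMIT 1;", $mysql_connect);

	$r = '';

	// A failed query yields false here, which is treated the same as "no duplicate found".
	if ($query0 && @mysql_num_rows($query0) > 0) {
		$r = 1;
	}

	if (!$r) {
		// The SELECT above just found no matching row, so this DELETE normally removes nothing.
		$query = @mysql_query("DELETE FROM `$pt_guestbook_demo_table_name` WHERE " . $where . ";", $mysql_connect);

		// NOTE(review): $vars2_marker is written unquoted, so it must be a server-generated
		// numeric value -- confirm in vars2.php that no request data can reach it.
		$query1 = @mysql_query("INSERT INTO `$pt_guestbook_demo_table_name` (`adddate`, `user_login`, `msg`, `user_host`, `user_ip`) VALUES (" . $vars2_marker . ", '', '" . $msg_sql . "', '" . $host_sql . "', '" . $ip_sql . "');", $mysql_connect);
	}
}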
